Introduction

What is driving Electronic Commerce and e-Government solutions? The answer is simple: useful applications and user-friendly yet secure solutions that can deliver operational cost savings. Smartcards, used for providing digital signatures for Electronic Commerce (EC), never caught on in any significant volume for the mere fact that there are very few smartcard readers around, which makes such solutions very expensive. However, there is an alternative approach: Signature in the Cloud - or signature servers as we call them - introduced by Cryptomathic in 2000 long before cloud solutions came into fashion. This approach has been a tremendous success in countries like Denmark, Norway and Luxembourg and it is catching on outside Europe as well.

What is the goal?

There are obvious enormous savings for government agencies, companies, individuals and the environment if we can communicate - and not least commit and be held liable - electronically, using digital signatures, rather than by paper. Nevertheless, you need to start with the applications that makes it attractive to the end-users. We have already seen how attractive e-banking and Internet shopping has become, and if you think of all the letters you get throughout the year from public authorities e.g. on various taxes, registration for voting, pension etc., you start grasping the significance of making this digital. To this list you can add insurance, utilities, TV-license and much more. What are the Challenges?

WYSIWYS The main challenges are around the generation of digital signatures. In 1998, we coined the phrase WYSIWYS, What You See is What You Sign. The point is that when you read something off the screen of your tablet, workstation or whatever, and you want to commit to it - just as where you would traditionally be prepared and expected to physically sign it - by digitally signing "it", how do you ascertain that it really is this message, and this message only, that you are committing to? This by far is the hardest thing to achieve, as this really is a challenge unless you have a Trusted Graphical User Interface (GUI), which you do not!

Storing the private key on a chipcard does not in any way address this challenge, and the only way to deal with this in case there is no Trusted GUI is to use two independent channels, as it is very unlikely both be attacked at the same time.

Why the Signature Server solutions are preferrable

With a central signature server or "signatures in the cloud", the challenge as far as the individual user is concerned is to ensure that:

The user is properly authenticated before s/he can sign a message

Only the owner of a particular private key can initiate the signature calculation

WYSIWYS

Each server is supported by tamper resistant hardware boxes, so-called Hardware Security Modules (HSMs), and all secure calculations and verifications are carried out entirely by and in an HSM. This is very much like payment card transactions are being authorised by banks.

PKI becomes transparent This approach furthermore enables significant simplification and removes the shortcomings of a traditional PKI solution, where everybody in principle may communicate securely with everybody.

First of all, once a user is properly identified and registered, his private key pair is generated by the signature server - and never leaves it - and the signature server can have a certificate issued at the Certificate Authority (CA). The CA ONLY issues such certificates for signature servers that are associated and adhere to the same kind of solution and security level. Thus all applications for which this Infrastructure is used will in principle be able to recognise if a received signature from another user has been generated on a security server rather than a chipcard or even worse, in software.

Certificate expiry/revocation is no longer an issue With the central signer approach, revocation becomes a non-issue, except for a very short clearing period. Indeed, with the central signer approach, the millisecond a certificate is revoked by the CA, the central signature server is informed by the CA, so requests from the user to sign with his private key are no longer honoured. So again, if the CA used in conjunction with a central signer solution issues certificates only on public keys where the private key is stored with an authorised central signature server, you no longer need blacklists. Indeed, when you receive a digital signature generated by the central signature server, you know the private key used to generate must have been valid at the time the signature was generated!

EU legislation Back in 1999, EU legislation was put in place for solutions where a digital signature could have the same legal value as a handwritten signature, provided a number of conditions were satisfied. One of these were that a Secure Signature Creation Device (SSCD) was used, and the only solution anticipated was a chipcard. Meanwhile we have learned that central signature server solutions are much more appropriate. There are now nationwide deployments in countries across Europe and the Middle East that are highly successful, with more than 60% of all citizens, in some countries, using the solution on an almost daily basis. This has been widely recognised in the EU Commission and regulation now allows for a central signature server as a Secure Signature Creation Device (SSCD).

Conclusion

Signature Generation in the cloud is the most likely enabler of large scale eGovernment and Electronic Commerce solutions as it is as safe or safer than the old-fashioned chipcard approach, as it enables WYSIWYS and last but not least, it makes the underlying PKI transparent to the end-user.